Anthropic: Measuring LLMs' impact on N-day exploits (red.anthropic.com)

Anthropic researchers have demonstrated that large language models (LLMs) like their Claude Mythos Preview can significantly accelerate the development of N-day exploits—vulnerabilities that have been publicly disclosed but remain unpatched on many systems. Unlike zero-day vulnerabilities, which are unknown to vendors, N-days often pose a heightened risk as attackers can reverse-engineer fixes to swiftly exploit unprotected devices. The study revealed that Mythos Preview could autonomously create eight working code-execution exploits from recent Firefox and Windows kernel security patches, highlighting a drastic reduction in the time and expertise required for exploit development. This capability underscores a troubling implication for the AI/ML community and cybersecurity at large: the existing patch gaps can now be exploited more rapidly than ever, posing an increased threat to affected systems. Models demonstrated the ability to not only construct proof-of-concept crashes but also full exploit chains, with one model turning 18 Windows vulnerabilities into exploits within hours. Given that many systems still have a wait time of several days to weeks for patches to be applied, the results suggest that defenders need to expedite their deployment processes to keep pace with the growing vulnerabilities. As LLMs become more capable, the evolution of threat landscapes will necessitate a reevaluation of current cybersecurity measures.